Unix Administration 3

996 views
903 views

Published on

http://www.cju.com/classes/2002/ITI481-03/

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
996
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
69
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Unix Administration 3

  1. 1. ITI-481: Unix Administration Meeting 3 Christopher Uriarte, Instructor Rutgers University Center for Applied Computing Technologies
  2. 2. Today’s Agenda <ul><li>Account Management </li></ul><ul><li>File and directory permissions and management </li></ul>
  3. 3. Unix System Accounts <ul><li>Access to system resources is controlled through user and group assignments. </li></ul><ul><li>Two types of user accounts: </li></ul><ul><ul><li>“ Root” user – the system administrator; the “superuser” who has permission to execute every command and read every file on the system. “Root” has total control of everything on the system. </li></ul></ul><ul><ul><li>Normal user – any user that is not the root user. </li></ul></ul><ul><li>As you’ve experienced thus far, almost all UNIX administration is done as the root user. </li></ul>
  4. 4. Becoming the Root User <ul><li>There are two ways that you can log in as the root user </li></ul><ul><ul><li>Sitting at the system console, you can simply log in as root . </li></ul></ul><ul><ul><li>If your are logged in as another user, you can use the “ su ” command at the command prompt to change to the root user (you will be prompted for the root password). You then have full root rights until you exit your shell. </li></ul></ul><ul><ul><li>Root login is restricted via remote access (telnet or ssh) – you must first log in as a non-root user and then use “ su ” </li></ul></ul>
  5. 5. UNIX System Components Related to Account Creation <ul><li>/etc/passwd – The system user file, contains information about users on the system. </li></ul><ul><li>/etc/shadow – The file that actually contains the passwords </li></ul><ul><li>/etc/group – The system group file, defines user groups on the system. </li></ul><ul><li>User Home Directories ( /home/username ) </li></ul><ul><li>Initialization shell scripts ( .login, .bash_profile, .cshrc, etc. ) </li></ul>
  6. 6. Passwords on UNIX Systems <ul><li>Should always be encrypted when stored – all modern UNIX systems use password encryption. </li></ul><ul><ul><li>Crypt encryption – up to 8 characters </li></ul></ul><ul><ul><li>MD5 encryption – up to 256 characters </li></ul></ul><ul><li>Should be a combination of random letters, numbers, and special characters. </li></ul><ul><li>Used to be stored in /etc/passwd , but now stored in /etc/shadow </li></ul><ul><li>Passwords are set using the “ passwd ” command. Only the root user can change passwords for other users. </li></ul><ul><ul><li>passwd – changes your own password </li></ul></ul><ul><ul><li>passwd username – changes another user’s password </li></ul></ul>
  7. 7. The /etc/passwd File <ul><li>Stores a user’s username, unique user ID number, default group ID number, Full name, home directory and login shell. </li></ul><ul><ul><li>Each user on the system has a unique UID, assigned by the system. </li></ul></ul><ul><ul><li>The root user has the UID of 0 (zero) – THIS is what characterizes the root user, not the username “root” </li></ul></ul><ul><li>/etc/passwd File format: (One Entry Per Line, fields separated by colons): username:x:user ID (UID):default group (GID):name (GECOS): home directory:login shell </li></ul><ul><li>Sample entry (with shadow file): kkaplan:x:500:500:Kellee Kaplan:/home/kkaplan:/bin/bash </li></ul><ul><li>Typical file permissions: -rw-r--r-- 1 root root 865 Mar 28 10:44 /etc/passwd </li></ul>
  8. 8. The /etc/shadow File <ul><li>Stores encrypted user passwords. </li></ul><ul><li>/etc/shadow File Format: login name:encrypted password: other options for password expiration and changing (non-standard) </li></ul><ul><li>Sample entry (One Entry Per Line, fields separated by colons): kkaplan:$1$iwdVDnei&aBcxvpyYi06:10987:0:99999: </li></ul><ul><li>Typical permissions (IMPORTANT!): -r-------- 1 root root 752 Jan 31 11:45 /etc/shadow </li></ul>
  9. 9. The /etc/group File <ul><li>Contains information about system groups and the users that are members of each group. </li></ul><ul><li>Contains the fields: Groups Name, unique group ID number and a list of the groups members. </li></ul><ul><li>Entry format: group name:x:GID:comma-separated list of group members </li></ul><ul><li>Sample entry: staff:x:103:kkaplan,jsmith,jdoe </li></ul><ul><ul><li>(a group called staff with the members kkaplan, jsmith and jdoe) </li></ul></ul>
  10. 10. Account Management Tools <ul><li>With the exception of /etc/group, all account management files are managed through simple command-line tools. </li></ul><ul><li>Command line </li></ul><ul><ul><li>Users: useradd, userdel, usermod </li></ul></ul><ul><ul><li>Groups: groupadd, groupdel, groupmod </li></ul></ul><ul><ul><li>Specific fields: passwd, chsh </li></ul></ul><ul><li>Graphical </li></ul><ul><ul><li>LinuxConf (Linux only) </li></ul></ul><ul><ul><li>Control-panel </li></ul></ul><ul><ul><li>Lots of other graphical UNIX utilities. </li></ul></ul>
  11. 11. Managing Users <ul><li>The useradd utility is used to create system user accounts. </li></ul><ul><li>You can simply add a user with: </li></ul><ul><ul><li>useradd johndoe </li></ul></ul><ul><ul><li>(Creates the user johndoe on the system) </li></ul></ul><ul><li>useradd has a number of simple options, that allow you to specify user attributes during account creation. </li></ul>
  12. 12. useradd Syntax and options <ul><li>Useradd options include: </li></ul><ul><li>-u UID -g default group </li></ul><ul><li>-d home directory -s default shell path </li></ul><ul><li>-c “Comment or Full name” </li></ul><ul><li>-m (make the user's home directory) </li></ul><ul><li>useradd –m –d /opt/home/chrisjur –g staff –s /bin/bash chrisjur </li></ul><ul><li>Creates a user named “chrisjur”, makes his home directory, sets his home directory to /opt/home/chrisjur, sets his group to “staff”, sets his shell to /bin/bash </li></ul>
  13. 13. Important useradd Tip! <ul><li>After you add a user, YOU MUST assign a password to the user using the “passwd” command. </li></ul><ul><ul><li>passwd username </li></ul></ul><ul><li>The user will not be able to login until you set a password! </li></ul>
  14. 14. useradd Syntax and options <ul><li>If no options are specified, system defaults are used when creating a user (default shell, default home directory path, etc.) </li></ul><ul><li>Similarly, the usermod command can be used to modify an existing user’s attributes using the same syntax as useradd . </li></ul><ul><ul><li>usermod –s /bin/sh chrisjur </li></ul></ul><ul><ul><li>Changes chrisjur’s shell to /bin/sh </li></ul></ul>
  15. 15. Deleting System User Accounts <ul><li>System users can be deleted using the userdel command with the syntax: </li></ul><ul><ul><li>userdel username </li></ul></ul><ul><li>e.g: </li></ul><ul><ul><li>userdel chrisjur </li></ul></ul><ul><ul><li>Deletes the user chrisjur from the system. </li></ul></ul><ul><li>userdel DOES NOT delete a user’s home directory or its contents. You must either delete it manually or use the “-r” switch with userdel ( userdel –r username ) </li></ul>
  16. 16. Exercise: Account Creation with Command Line Tools <ul><li>Use useradd to create an account for the login student3 . Use the appropriate flags to set a default group of “users”, a home directory of /home/student3, and a password of your choosing. </li></ul><ul><li>Login to the student3 account. </li></ul><ul><li>Use userdel to remove the student3 account. </li></ul>
  17. 17. UNIX Groups <ul><li>UNIX provides a grouping functionality that allows you to group system users together, allowing them to access common system resources, such as files and directories. </li></ul><ul><li>UNIX groups provide a typical way for non-root users to collaborate on projects by sharing permissions (write/read/execute permissions) on system resources. </li></ul>
  18. 18. Grouping Example <ul><li>Problem: You have a series of web pages files that reside under /var/opt/www/htdocs. You need give your 3-person web-development team the ability to edit these files. </li></ul><ul><li>Solution: Create a group called “webdev”, place the 3 users in the devel team in the group and make /var/opt/www/htdocs and all its files group-readable, writeable and executable. </li></ul>
  19. 19. Creating UNIX Groups <ul><li>You can create UNIX groups using the groupadd utility: </li></ul><ul><ul><li>groupadd staff </li></ul></ul><ul><ul><li>Creates a group called “staff” </li></ul></ul><ul><li>After creating a group, you must then manually add members to the group by adding their usernames to that groups line in the /etc/group file. </li></ul><ul><li>Group members are added to /etc/group as a comma-separated list after the group name and parameters. </li></ul>
  20. 20. Adding Users to Groups <ul><li>After creating a group called “staff” (using groupadd staff ), an entry is placed in /etc/group that looks like this: </li></ul><ul><ul><li>staff:x:506: </li></ul></ul><ul><li>You can add the users chris,john and joe to the group by editing /etc/group and adding them after the last colon: </li></ul><ul><ul><li>staff:x:506:chris,john,joe </li></ul></ul>
  21. 21. Deleting Groups <ul><li>You can delete groups using the groupdel command: </li></ul><ul><ul><li>groupdel groupname </li></ul></ul>
  22. 22. Changing File Ownership <ul><li>If you want to change the ownership of a file or directory to another user, you can use the chown command: </li></ul><ul><ul><li>chown <user> <file(s)> </li></ul></ul><ul><ul><li>chown chris /home/chris/hisfile.txt </li></ul></ul><ul><ul><li>chown chris /home/chris </li></ul></ul><ul><li>Useful chown option: “-R” – recursively change ownership: </li></ul><ul><ul><li>chown –R chris /home/chris </li></ul></ul><ul><ul><li>#Changes /home/chris and all files/directories under it to chris’s ownership </li></ul></ul>
  23. 23. Changing Group Associations <ul><li>If you would like to associated a file or directory with a particular group, you can use the chgrp command: </li></ul><ul><ul><li>chgrp <group name> <file(s)> </li></ul></ul><ul><ul><li>chgrp staff /home/staff/groupfile.txt </li></ul></ul><ul><ul><li>chgrp staff /home/staff/projects </li></ul></ul><ul><li>Useful chgrp option: “-R” – recursively change group associations: </li></ul><ul><ul><li>chown –R staff /home/staff </li></ul></ul><ul><ul><li>#Associates /home/staff and all files/directories under it with the staff group </li></ul></ul>
  24. 24. Using chmod with Groups <ul><li>You can use chmod to change a files group permissions. </li></ul><ul><li>-rwxr--r-- chris staff 100 Apr 4 2000 file.txt </li></ul><ul><li>#file readable, writeable and executable by its owner, and readable by members of its group and other users. </li></ul><ul><li>Use chmod to allow members of the staff group to read, write and execute the file. </li></ul><ul><li>[user@host]# chmod g+rwx file.txt </li></ul><ul><li>-rwxrwxr-- chris staff 100 Apr 4 2000 file.txt </li></ul><ul><li>#file is now readable, writeable and executeable by its owner AND members of the staff group – but only readable by all other system users. </li></ul>
  25. 25. Exercise: User and Group Creation <ul><li>Create two users: user1 and user2 </li></ul><ul><li>Create a group called “class” </li></ul><ul><li>Create a file called /etc/classtest.txt with the words “Hello world” in it. </li></ul><ul><li>Associate the file /etc/classtest.txt with the “class” group </li></ul><ul><li>Set the permissions so members of its group can write to the file. </li></ul><ul><li>Add user1 and user2 to the group. </li></ul><ul><li>Logout and log back in as user1 – attempt to write to the file. Logout. </li></ul><ul><li>Login as user2 - attempt to write to the file. </li></ul>
  26. 26. Homework <ul><li>TBA </li></ul>

×